I'd like to implement qos traffic-shaping from our public wireless network to sites like apple's appstore or google's appstore.
When i look at the monitor screen of our palo, i only see ssl traffic. Do i need to decrypt the ssl traffic first so i can determine if it's app-id is android-market / apple-store ??
Our goal is to limit the amount of mobile / wireless traffic from automatic app-updates in order to give priority to other traffic like http or twitter etc..
How do i accomplish this ?
In QoS Policy rule ( Polices -> QoS ) we have an Application tab which you can use. If you not are aware of QoS implementation in PA, then first you have to read QoS document QoS in PAN-OS 4.1
Patrick the guide that was posted was helpful for us when we did exactly as you hope to do on our Public WiFi. We chose various BW intensive applications and put them in a specific class and then applied a download QoS profile policy to that traffic to help reduce the load it was putting on that link. Worked great. One issue that you might have is that policies can only be applied in one direction on the port, so if the outbound (upload) port is shared with other services you might want to separate that so you can have a more granular control over uploads from public vs. other segments/users.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!